Total
13157 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-12783 | 1 Matroska | 3 Libebml2, Mkclean, Mkvalidator | 2025-04-20 | N/A |
| The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | ||||
| CVE-2015-7976 | 4 Novell, Ntp, Opensuse and 1 more | 10 Suse Openstack Cloud, Ntp, Leap and 7 more | 2025-04-20 | N/A |
| The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. | ||||
| CVE-2015-5300 | 7 Canonical, Debian, Fedoraproject and 4 more | 21 Ubuntu Linux, Debian Linux, Fedora and 18 more | 2025-04-20 | N/A |
| The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). | ||||
| CVE-2014-6438 | 1 Ruby-lang | 1 Ruby | 2025-04-20 | N/A |
| The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string. | ||||
| CVE-2017-0012 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-20 | N/A |
| Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0033 and CVE-2017-0069. | ||||
| CVE-2017-0620 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35401052. References: QC-CR#1081711. | ||||
| CVE-2017-0613 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400457. References: QC-CR#1086140. | ||||
| CVE-2017-13685 | 1 Sqlite | 1 Sqlite | 2025-04-20 | N/A |
| The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. | ||||
| CVE-2017-3792 | 1 Cisco | 8 Telepresence Mcu 4505, Telepresence Mcu 4510, Telepresence Mcu 4515 and 5 more | 2025-04-20 | N/A |
| A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco TelePresence MCU platforms TelePresence MCU 5300 Series, TelePresence MCU MSE 8510 and TelePresence MCU 4500 are affected when running software version 4.3(1.68) or later configured for Passthrough content mode. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available, but mitigations are available. Cisco Bug IDs: CSCuu67675. | ||||
| CVE-2016-10387 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario. | ||||
| CVE-2016-7998 | 1 Spip | 1 Spip | 2025-04-20 | N/A |
| The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action. | ||||
| CVE-2015-9039 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in eMBMS where an assertion can be reached by a sequence of downlink messages. | ||||
| CVE-2012-1301 | 1 Umbraco | 1 Umbraco Cms | 2025-04-20 | 9.8 Critical |
| The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter. | ||||
| CVE-2017-9263 | 2 Openvswitch, Redhat | 3 Openvswitch, Enterprise Linux, Openstack | 2025-04-20 | N/A |
| In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch. | ||||
| CVE-2015-9049 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of certain responses from the USIM. | ||||
| CVE-2015-9051 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on a length in a System Information message. | ||||
| CVE-2015-9060 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not properly validated in a QTEE system call. | ||||
| CVE-2015-9061 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, playReady DRM failed to check a length potentially leading to unauthorized access to secure memory. | ||||
| CVE-2015-9068 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a mink syscall is not properly validated. | ||||
| CVE-2015-9069 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted. | ||||